You receive the warning "Late condition <condition=your_condition> guards early action: 'force_protocol()'. In the next major release this will be an error" when you install the policy in the Visual Policy Manager (VPM) and your_condition contains a username or group.
An example of such a policy:

<Proxy>
    proxy.port=443 condition=ssl_clients force_protocol(ssl)

define condition ssl_clients
    client.address=10.0.0.0/8 realm=WinSSO group="CN=Users,DC=kldev,dc=bluecat,dc=com"
end

This happens because the force_protocol() action needs to be executed before the username can be determined. Having a username as a condition for force_protocol() is therefore invalid.
force_protocol( ): Specifies that the client connection should be treated as a particular protocol type. The connection will be handled by the appropriate application proxy.
1. You may only receive the warning after upgrading from SGOS 5.3, because the guard was added in SG 5.4.
2. This remains true for Windows SSO and Novell SSO, even though their usernames/groups can be obtained without the force_protocol() action.
Remove any username or group conditions from your policy.
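To locate the rules that need this change before installing policy, the following added example (not Blue Coat code) scans CPL text for force_protocol() rules guarded by a username or group, either inline or through a named condition. It assumes the triggers are written user= and group=, does not follow conditions nested inside other conditions, and uses the policy from this article as constructed sample input.

```python
import re

# The page names username and group as invalid guards for force_protocol().
# Assumption: they appear in CPL as user= and group=; extend for your policy.
LATE_TRIGGERS = ("user", "group")

# Constructed sample input: the policy quoted in this article.
SAMPLE_CPL = '''\
<Proxy>
    proxy.port=443 condition=ssl_clients force_protocol(ssl)

define condition ssl_clients
    client.address=10.0.0.0/8 realm=WinSSO group="CN=Users,DC=kldev,dc=bluecat,dc=com"
end
'''

DEFINE_RE = re.compile(r"^\s*define\s+condition\s+(\S+)\s*$(.*?)^\s*end\b", re.M | re.S | re.I)
LATE_RE = re.compile(r"(?<![\w.])(%s)\s*=" % "|".join(LATE_TRIGGERS), re.I)
COND_REF_RE = re.compile(r"(?<![\w.])condition\s*=\s*(\S+)", re.I)


def late_triggers_in(text):
    """Late triggers used in text, ignoring anything inside quoted values."""
    unquoted = re.sub(r'"[^"]*"', '""', text)
    return sorted({m.group(1).lower() for m in LATE_RE.finditer(unquoted)})


def find_late_guards(cpl):
    """Return (line_no, condition_name, triggers) for every force_protocol()
    rule guarded by a late trigger, inline or through a named condition."""
    # Blank out ';' comment lines but keep line numbering intact.
    lines = ["" if ln.lstrip().startswith(";") else ln for ln in cpl.splitlines()]
    late = {}
    for name, body in DEFINE_RE.findall("\n".join(lines)):
        hits = late_triggers_in(body)
        if hits:
            late[name.lower()] = hits
    findings = []
    for no, line in enumerate(lines, 1):
        if "force_protocol(" not in line:
            continue
        if late_triggers_in(line):
            findings.append((no, "<inline>", late_triggers_in(line)))
        for ref in COND_REF_RE.findall(line):
            if ref.lower() in late:
                findings.append((no, ref, late[ref.lower()]))
    return findings


if __name__ == "__main__":
    for no, cond, triggers in find_late_guards(SAMPLE_CPL):
        print(f"line {no}: force_protocol() guarded by {cond} using {', '.join(triggers)}")
```
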
In the example above, the correct policy would be: